Attacking Microsoft Azure

Attacking Microsoft Azure
A Penetration Tester's Guide
Matt Burrough
February 2018, 224 pp.
Use coupon code PREORDER to get 30% off!

Written by a senior penetration tester, Attacking Microsoft Azure will teach you how to launch cloud-focused penetration tests and simultaneously attack on-premise environments, giving you the full scope of your target’s vulnerabilities. Matt Burrough explains the components of Azure, identifies common security issues in cloud deployments, and explains how penetration testers can exploit them.

You’ll learn how to:

  • Gain access by circumventing two-factor authentication and stealing management certificates from developer machines
  • Make sense of Azure’s services by using PowerShell commands to find IP addresses, administrative users, and firewall rules
  • Exploit Azure’s storage model and recover storage keys
  • Attack virtual machines and acquire passwords, binaries, code, and settings files
  • Compromise networks by modifying firewall rules
  • Attack specialized services like Azure Key Vault and Azure Websites
  • Know when you might be caught by viewing logs and security events

Packed with real-world examples from the author’s experience as a corporate penetration tester, sample scripts from attacks, and “Defenders Tips” that explain how companies can reduce risk, Attacking Microsoft Azure provides a clear overview of Azure’s vulnerabilities and how to take advantage of them.

Author Bio 

Matt Burrough is a Senior Penetration Tester on a corporate red team at a large software company where he assesses the security of cloud computing services and internal systems. He frequently attends hacker and information security conferences. Burrough holds a Bachelor’s degree in Networking, Security and System Administration from Rochester Institute of Technology and a Master’s in Computer Science from the University of Illinois at Urbana-Champaign.